MICROSOFT DETOURS SECURITY UPDATE

Answer ID 3809   |    Published 11/13/2015 03:10 PM   |    Updated 11/18/2015 07:23 AM
Vulnerability Description:

NVIDIA uses the Microsoft Detours library to provide general hooking support in NVIDIA Optimus drivers for discrete GPU products on Windows 7, Windows 8 and Windows 10 platforms.

A bug in the Detours implementation has the potential to reduce the effectiveness of some operating system security features by modifying the headers of hooked process modules to add WRITE capability to headers that would otherwise be READ|EXECUTE only.

NVIDIA is re-releasing an updated Detours library with current builds to resolve the issue and bring NVIDIA systems up to date with the latest Microsoft Detours patch level.

Exploit Scope and Risk:

NVIDIA believes that systems with the unpatched Microsoft detoured.dll are at increased risk for malicious software intrusion.

Evaluating the risk depends on code flaws in the hooked modules, so it is impossible to provide a concrete CVSS score. Analysis of local bugs in non-NVIDIA components within the target machine is outside the scope of this security report.

NVIDIA urges users to update their driver to eliminate the increased risk posed by the dilution of OS security features due to an unpatched detoured.dll.

Vulnerable Configurations:

This issue affects all Windows 7, Windows 8, and Windows 10 Legacy Optimus systems. Windows 10 systems using the MS Hybrid model for iGPU/dGPU switching are not affected by this issue.

NVIDIA Linux drivers do not use the detoured.dll hooking system and are unaffected by this vulnerability.

Vulnerability Discovery:

NVIDIA, in cooperation with McAfee/Intel Security, determined that certain builds were not appropriately patched.


Fix:

NVIDIA recommends that users upgrade to the fixed driver version - details below.

           Branch    1st version including fix
Windows    R358      358.87
Windows    R352      354.35

Mitigations:

If you have a particular build that requires patching not listed here, it is expected, but untested, that the patched detoured.dll from an R358/R352 public package may be used to update a system in place.

Replace the detoured.dll file on your local system with the patched version. Note that other components may also be using the Microsoft Detours library. Consult with your local support engineer to evaluate the efficacy of this change and its impact on your local environment.
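
One way to check the in-place replacement described above is the following added example, which is not part of the original NVIDIA answer. It inventories every detoured.dll under the usual install roots, compares each copy with a reference copy taken from a patched package, and lists running processes that still have a copy loaded. The reference path, the search roots and the parameter names are assumptions.

```powershell
# Added example: inventory detoured.dll copies and compare them with a patched copy.
# Assumption: $PatchedCopy is the detoured.dll taken from an R358/R352 public package;
# the default path is a placeholder, and the search roots are a guess at install locations.
param(
    [string]$PatchedCopy = 'C:\Temp\patched\detoured.dll',
    [string[]]$SearchRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)})
)

# Hash of the reference copy; stop if the file is missing.
$reference = Get-FileHash -LiteralPath $PatchedCopy -Algorithm SHA256 -ErrorAction Stop

# 1. Every on-disk copy, with file version, signature status and hash comparison.
$copies = foreach ($root in ($SearchRoots | Where-Object { $_ -and (Test-Path $_) })) {
    Get-ChildItem -LiteralPath $root -Filter 'detoured.dll' -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256
            [pscustomobject]@{
                Path           = $_.FullName
                FileVersion    = $_.VersionInfo.FileVersion
                Signature      = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                MatchesPatched = ($hash.Hash -eq $reference.Hash)
                SHA256         = $hash.Hash
            }
        }
}
$copies | Format-Table -AutoSize -Wrap

# 2. Running processes that have a copy mapped. A file replaced on disk does not
#    change a DLL that is already loaded, so these processes keep the old copy
#    until they are restarted.
$loaded = foreach ($proc in Get-Process) {
    try {
        $proc.Modules |
            Where-Object { $_.ModuleName -ieq 'detoured.dll' } |
            ForEach-Object {
                [pscustomobject]@{
                    Process    = $proc.ProcessName
                    Id         = $proc.Id
                    LoadedFrom = $_.FileName
                }
            }
    } catch {
        # Protected processes or processes of a different bitness cannot be
        # enumerated from this session; skip them.
    }
}
$loaded | Format-Table -AutoSize -Wrap
```

Run it from an elevated session so that more directories and processes are readable. A copy with MatchesPatched set to False is only flagged for review, since a different build of the library hashes differently even when it is not the unpatched file.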

Always observe the following safe computing practices:

· Only download or execute content and programs from trusted third parties.

· Run your system and programs with the least privilege necessary. Users should run without root privileges whenever possible.

· When running as root, do not elevate privileges for activities or programs that don't need them.
